Overview: Fight against terror spawns a new industry




By Mark Huband

Financial Times, 2 December 2003

“Alert not alarm” has become the catchphrase of governments worldwide as they have sought to confront and mitigate the impact of the terrorist threat ¬†unleashed by the attacks in New York and Washington on September 11 2001.

Retaining alertness without creating either complacency when attacks do not happen, or stress from the heightened alert apparently having no time limit, has led to billions of dollars being spent on institutionalising this state of alert and integrating counter-terrorism strategies within a broader range of security measures than ever before.

National strategies have varied widely due to countries having launched their efforts from vastly different starting points. But with global trade, financial, transport, power and computer networks perceived as key terrorist targets, transnational initiatives and standards have dictated the pace and fostered a new security industry intent on meeting the need.

“It is incredibly difficult for governments and companies to live at such a high pitch of imminent threat. If there is any suggestion that people are going to take the threat less seriously and then something happens, an enormous liability consequence will result,” Richard Fenning, chief operating officer of Control Risks, the private security company, told a recent seminar on homeland security hosted by the London Foreign Policy Centre.

Stressing the essentially domestic character of the measures taken so far by many countries, the US National Strategy for Homeland Security, issued on July 1 2002, defined the challenge as “a concerted national effort to prevent terrorist attacks within the United States, reduce America’s vulnerability to terrorism, and minimise the damage and recover from attacks that do occur”.

Marrying the needs of domestic security in each country with the international networks through which terrorist attacks can be mounted is resulting, in the US case, in the US case,in the creation of entirely new border controls at land, sea and airports.

So-called “smart borders” between the US and its northern and southern neighbours Canada and Mexico will collect biometric data on visitors; up to three-quarters of the 5.7m containers destined for US seaports will be pre-screened at ports of departure, and the new Transportation Security Administration (TSA) has introduced the most sweeping changes in recent history to regulations governing the use of US airspace.

Meanwhile, the US Critical Infrastructure Protection Board and the Department of Homeland Security (DHS) have overseen the consolidation of decision-making and organisational powers to protect utilities, the cyber infrastructure and transport systems.

As Tom Ridge, US Secretary for Homeland Security, said recently: “You really cannot talk about infrastructure in this country anymore as if the physical and cyber are separate and apart.”

Despite the interconnected nature of critical infrastructure, as well as the global nature of the threat, however, the vast range of innovations undertaken by the US have not been matched elsewhere.

This is both a sign of the extent to which the US feels particularly threatened, but also recognition that the US had further to go. It is also the source of friction between the European Union and the US. Their co-ordination on counter-terrorism measures has been been adversely affected by the dispute over the war in Iraq.

At a recent Brussels conference on homeland security, organised by the New York-based EastWest Institute, Richard Falkenrath, deputy to Mr Ridge, criticised European countries for not doing as much as the US. “Most of our international partners are not going through analogous changes. I have not seen anywhere where there are as many reforms being undertaken as in the US,” he said.

In the UK, David Blunkett, the Home Secretary, rejected the idea of creating a homeland security department on the grounds that it could not be done “without completely dislocating not only our government procedures but the investment that we need in key services that secure the kind of lifestyle, economy and services that make this country worth living in in the first place”.

Industrialised countries share the view that while the resilience of utilities is largely dependent on law enforcement agencies, the continuity of business infrastructure in the face of the terrorist threat is best handled by the private sector.

In the case of cyber security, there is now the growing realisation that security depends as much on security issues being placed at the heart of business strategy as it does on technical measures.

“Cyber security is growing in risk, incidents and vulnerabilities in both the public and private sectors,” the Brussels conference was told by Bill Conner, chairman of Entrust, an information security company which has created much of the computer infrastructure for the US homeland security strategy. A central issue is the extent and character of legislation. “There’s a body of legislation, but it is unfocused,” said Mr Conner.

“September 11 has had a major effect on what businesses see as their responsibilities. The biggest issue is whether to do nothing.” In February this year, the UK Treasury launched a consultation with financial institutions in London to establish whether the terrorist threat warranted the introduction of new government powers to be invoked in times of crisis.

Responses revealed strong differences of opinion. Some in London worried that government powers would discourage business altogether. Organisations such as the Association of Corporate Treasurers argued that new powers could create the perception that the UK was “different” and now involved an extra political risk.

A similar view was held by the British Bankers’ Association (BBA), which argued that “private sector initiatives are best placed to cope with the impact of a catastrophic event on the financial sector”.

The BBA argued that the weak points in the critical financial infrastructure were where its different parts interconnected, and that identifying and strengthening points of weakness was a higher priority than creating new powers. “Plans for legislation should therefore be delayed, if not dispensed with altogether, while this important gap analysis is completed,” it said.

Just as private sector companies ranging from banks to power generators and food distribution companies are seeking to influence government strategy and legislation, the burgeoning private security industry is rapidly becoming a cornerstone of the effort to transform security awareness into sustainable and long-term corporate strategy.

“It is a market opportunity and you can make a pile of money. They have a contribution to make. It is not our job to do this for business as [security] is not a regulated area of activity except for civil aviation and the nuclear industry. It is a matter of [companies’] self-interest,” the official said. For private security companies, the challenge is to provide sound advice without being seen to exaggerate threats to drum up business.

Equally, they are aware that even large corporates are on a steep learning curve. “We would like to sell our services around the world, with minimal restrictions,” says Michael Cherkasky, president and CEO of Kroll Inc, the global security company. “Governments’ role is changing, and they have to integrate the private sector.”Despite the deterioration in the global security environment, large companies are regarded by both government and private security analysts as having been generally slow to factor long-term security measures into their business strategies since the September 11 attacks.

In recent months, the threat to global trade posed by the possibility of attacks on merchant shipping or key sea lanes, for example, has led so far to only a slow response from shipping companies and ports to the requirement that they upgrade security measures in accordance with the new International Ship and Port Facility Security (ISPS) code.

The US is likely to forbid entry to non-ISPS compliant ships or vessels from non-compliant ports, which is likely to accelerate the upgrading process. Such threats, combined with security issues now having become embedded in corporate thinking, are now reshaping the homeland security landscape. “The days of the security official being a functionary are long gone,” says Tim Spicer, chairman of Aegis, the private security company.


© Copyright The Financial Times Ltd 2008